COM infector

Details

Summary

This type of virus infects COM files. A COM file is a small (less than 65 kilobytes)
binary executable file. That format was widely used during DOS operating system era.
However this format was used for some utilities in Windows 95, 98 and ME. In Windows
NT, 2000 and XP there also exist COM files, but they are mostly files in EXE format
and were given COM extension for backward compatibility reasons.

Removal

Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

More information on scanning and removal options available in your F-Secure product
can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

A COM infector can be prepending (writes itself before the original file), appending
(writes itself to the end of the original file), overwriting (overwrites the original
file with its own code), inserting (inserts itself into gaps inside the original file)
and companion (renames the original file and writes itself with the original file's
name). A COM infector can be memory resident and non-memory resident. Memory resident
viruses stay active in memory, trap one or more system functions (usually interrupt
21h) and infect files while they are accessed. Non-memory resident viruses search
for COM files on a hard disk and infect them.

A COM infector can be non-encrypted, encrypted or polymorphic. An encrypted or polymorphic
virus consists of one or more decryptors and a main code. A decryptor decrypts main
virus code before it could be started. Encrypted viruses usually use fixed or variable
key decryptors while polymorphic viruses have decryptors that are randomly generated
from processor instructions and contain a lot of commands that are not used in decryption
process.